diff options
| author | Roald de Vries <rdevries@thoughtworks.com> | 2016-12-01 10:36:29 +0100 |
|---|---|---|
| committer | Roald de Vries <rdevries@thoughtworks.com> | 2016-12-01 10:36:39 +0100 |
| commit | 770b439c8495c3a0b16550c2f04740f31646d66b (patch) | |
| tree | 46ed7570ed1b742aca55c22f3efa5532a861cbee /service/test/support | |
| parent | 13378255c02b97184132881599ed47826963f54a (diff) | |
WIP: add csrf token to every request
Diffstat (limited to 'service/test/support')
| -rw-r--r-- | service/test/support/integration/app_test_client.py | 4 | ||||
| -rw-r--r-- | service/test/support/integration/multi_user_client.py | 8 |
2 files changed, 8 insertions, 4 deletions
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py index d52c85c0..ee5a1df2 100644 --- a/service/test/support/integration/app_test_client.py +++ b/service/test/support/integration/app_test_client.py @@ -387,8 +387,8 @@ class AppTestClient(object): return res # TODO: remove - def delete_mail(self, mail_ident): - res, req = self.delete("/mail/%s" % mail_ident) + def delete_mail(self, mail_ident, csrf='token'): + res, req = self.delete("/mail/%s" % mail_ident, csrf=csrf) return res def delete_mails(self, idents): diff --git a/service/test/support/integration/multi_user_client.py b/service/test/support/integration/multi_user_client.py index 82acb210..fe8595fb 100644 --- a/service/test/support/integration/multi_user_client.py +++ b/service/test/support/integration/multi_user_client.py @@ -24,6 +24,7 @@ from pixelated.config.services import ServicesFactory from pixelated.config.sessions import LeapSessionFactory import pixelated.config.services +from pixelated.resources import IPixelatedSession from pixelated.resources.root_resource import RootResource from test.support.integration import AppTestClient from test.support.integration.app_test_client import AppTestAccount, StubSRPChecker @@ -57,7 +58,7 @@ class MultiUserClient(AppTestClient): else: when(Authenticator)._bonafide_auth(username, password).thenRaise(SRPAuthError) - def login(self, username='username', password='password'): + def login(self, username='username', password='password', from_request=None): session = Authentication(username, 'some_user_token', 'some_user_uuid', 'session_id', {'is_admin': False}) leap_session = self._test_account.leap_session leap_session.user_auth = session @@ -76,7 +77,10 @@ class MultiUserClient(AppTestClient): when(leap_session).initial_sync().thenAnswer(lambda: defer.succeed(None)) when(pixelated.config.services).Services(ANY()).thenReturn(self.services) - request = request_mock(path='/login', method="POST", body={'username': username, 'password': password}) + session = from_request.getSession() + csrftoken = IPixelatedSession(session).get_csrf_token() + request = request_mock(path='/login', method="POST", body={'username': username, 'password': password, 'csrftoken': csrftoken}, ajax=False) + request.session = session return self._render(request, as_json=False) def get(self, path, get_args='', as_json=True, from_request=None): |